{"id":5392,"date":"2025-03-01T17:35:06","date_gmt":"2025-03-01T17:35:06","guid":{"rendered":"https:\/\/appsec.es\/?p=5392"},"modified":"2025-03-01T18:04:20","modified_gmt":"2025-03-01T18:04:20","slug":"highlights-from-the-verizon-2024-data-breach-investigations-report","status":"publish","type":"post","link":"https:\/\/appsec.es\/en\/highlights-from-the-verizon-2024-data-breach-investigations-report\/","title":{"rendered":"Highlights from the Verizon 2024 Data Breach Investigations Report"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5392\" class=\"elementor elementor-5392\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a3eb219 e-flex e-con-boxed e-con e-parent\" data-id=\"a3eb219\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4757c89 elementor-widget elementor-widget-text-editor\" data-id=\"4757c89\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Verizon has released the seventeenth edition of the 2024 DBIR, an exhaustive analysis of the main trends, tactics, and consequences of cybersecurity incidents worldwide. Compiled from over 30,000 real security incidents (and more than 10,600 confirmed breaches) across 94 countries, this report provides clear insight into the threat landscape and the best practices for addressing it. Below is a summary of the most relevant points and recommendations derived from the study.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-87debe7 e-flex e-con-boxed e-con e-parent\" data-id=\"87debe7\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b2ac757 elementor-widget elementor-widget-heading\" data-id=\"b2ac757\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">1. Increasing number of breaches and global scope<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6e6cad7 elementor-widget elementor-widget-text-editor\" data-id=\"6e6cad7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The report confirms a continuous rise in reported incidents. During the period analyzed (from November 1, 2022, to October 31, 2023), 30,458 security incidents were recorded, of which 10,626 were confirmed data breaches. This figure is a record high in the DBIR\u2019s historical series, further highlighting the participation of organizations of all sizes and sectors.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-7679b2f e-flex e-con-boxed e-con e-parent\" data-id=\"7679b2f\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-83737be elementor-widget elementor-widget-heading\" data-id=\"83737be\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">2. Main attack patterns<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5971548 elementor-widget elementor-widget-text-editor\" data-id=\"5971548\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The DBIR groups incidents into eight patterns:<\/p><p><b>1. System Intrusion<\/b>: Continues to lead breach classifications, accounting for 36% of the total. This pattern involves sophisticated attacks based on a combination of hacking and malware, often aiming to deploy ransomware or exfiltrate critical data.<br \/><b>2. Social Engineering: <\/b>This category encompasses attacks that compromise the \u201chuman\u201d element as a fundamental asset, with a noticeable rise in pretexting (a form of Business Email Compromise, BEC) and phishing. The human factor remains pivotal, present in 68% of breaches.<br \/><b>3. Basic Web Application Attacks:<\/b> While still very relevant\u2014often involving stolen credentials from vulnerable web apps\u2014its proportion decreased slightly in 2024, due to the growth of System Intrusion and human errors.<br \/><b>4. Miscellaneous Errors:<\/b> This category has grown considerably, reaching 28% of breaches. It includes breaches caused by negligence or mistakes in system configuration, sending sensitive information to the wrong recipients, or accidentally exposing data in the cloud.<br \/><b>5. Privilege Misuse: <\/b>Focuses on the improper use of internal privileges by employees or contractors. Although its overall share is smaller than that of other patterns, this kind of malicious insider activity remains significant.<br \/><b>6. Denial of Service<\/b>: In incidents (rather than confirmed breaches), it remains very frequent (59%), mainly involving large-scale DDoS attacks. These typically affect system availability rather than causing data breaches.<br \/><b>7. Lost and Stolen Assets:<\/b> Involves lost or stolen devices holding sensitive data (phones, laptops, or hard drives). Though less frequent, it is still relevant.<br \/><b>8. Everything Else<\/b>: Atypical or complex incidents that do not fit into any of the other patterns.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-7660ca9 e-flex e-con-boxed e-con e-parent\" data-id=\"7660ca9\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e149199 elementor-widget elementor-widget-heading\" data-id=\"e149199\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">3. The rise of ransomware and extortion<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-37f4114 elementor-widget elementor-widget-text-editor\" data-id=\"37f4114\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>One of the most noteworthy findings is the consolidation of ransomware as a persistent mechanism of cyber extortion. Roughly 23% of all breaches involve ransomware, a record high for this type of attack. However, the DBIR emphasizes the notable growth of \u201cnon-encrypting\u201d extortion, in which data is stolen and threatened with public disclosure. Combining both modalities (ransomware and extortion) brings the total to 32% of the breaches analyzed.<\/p><p><br \/>These campaigns have become more aggressive and sophisticated. For instance, Cl0p exploited zero-day vulnerabilities, such as MOVEit, compromising thousands of organizations globally. Average ransomware demands hover around 1.34% of the victim organization\u2019s annual revenue, though in some cases they can exceed 8%. Beyond direct extortion, affected parties must also account for system restoration costs, legal notifications, and potential regulatory penalties<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-772be7c e-flex e-con-boxed e-con e-parent\" data-id=\"772be7c\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-572ef8f elementor-widget elementor-widget-heading\" data-id=\"572ef8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">4. Human factor: the weakest link<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a80d72e elementor-widget elementor-widget-text-editor\" data-id=\"a80d72e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Individual involvement (employees, contractors, or partners) in incidents remains decisive in 68% of breaches when pure insider malice (Privilege Misuse) is excluded. Two trends are particularly noteworthy<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0054945 elementor-widget elementor-widget-text-editor\" data-id=\"0054945\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><strong>Errors and oversights<\/strong>: The rise in the \u201cMiscellaneous Errors\u201d pattern highlights incidents where an employee or IT team member makes a mistake (e.g., misconfiguration, emails sent to the wrong recipients, or physical documents handed to unauthorized individuals).<\/li><li><strong>Social engineering:<\/strong> Phishing, BEC, and pretexting represent especially fast and effective attack vectors. On average, it takes less than 60 seconds for a user to be \u201chooked\u201d by a fraudulent email once opened, according to awareness simulations reported by organizations.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-cabc3cd e-flex e-con-boxed e-con e-parent\" data-id=\"cabc3cd\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5176436 elementor-widget elementor-widget-heading\" data-id=\"5176436\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">5. Vulnerability exploits and supply chain<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2eccc4a elementor-widget elementor-widget-text-editor\" data-id=\"2eccc4a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Attacks involving vulnerability exploitation have grown by 180% compared to the previous year, fueled by critical vulnerabilities (MOVEit, Log4j, etc.). Moreover, 15% of all breaches involve third parties (partners or third-party software), marking a notable increase from 9% in the previous period. This underscores the growing importance of supply chains and the associated risks of external software and services.<br \/>Additionally, organizations take roughly 55 days to patch 50% of vulnerabilities classified as critical by CISA, while malicious scanning and exploitation begin, on average, just 5 days after disclosure. This time gap allows cybercriminals to exploit outdated systems, necessitating a prioritized patching approach.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-1428887 e-flex e-con-boxed e-con e-parent\" data-id=\"1428887\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7c267e6 elementor-widget elementor-widget-heading\" data-id=\"7c267e6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">6. Costs and consequences<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a2251df elementor-widget elementor-widget-text-editor\" data-id=\"a2251df\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In addition to immediate losses (ransom payments, theft of funds or data), affected organizations face possible fines and regulatory sanctions, reputational harm, and system recovery costs. The DBIR indicates that the median cost of a ransomware incident reported to the FBI IC3 is around $46,000, though the total impact can rapidly escalate depending on the breach\u2019s scope and the size of the organization<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-7b0e928 e-flex e-con-boxed e-con e-parent\" data-id=\"7b0e928\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-77391fb elementor-widget elementor-widget-heading\" data-id=\"77391fb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">7. Key recommendations<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1d6be5f elementor-widget elementor-widget-text-editor\" data-id=\"1d6be5f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The 2024 DBIR highlights the importance of:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7c1de83 elementor-widget elementor-widget-text-editor\" data-id=\"7c1de83\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u2022 Swift and prioritized patching of critical vulnerabilities.<br \/>\u2022 Multifactor authentication (MFA) and robust password policies.<br \/>\u2022 Staff training and awareness to counter phishing and BEC.<br \/>\u2022 Reviewing supply chain security and choosing providers that adopt a \u201cby design\u201d security approach.<br \/>\u2022 Network segmentation, reliable backups, and regularly tested incident response plans.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-62f46cb e-flex e-con-boxed e-con e-parent\" data-id=\"62f46cb\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4a475d1 elementor-widget elementor-widget-heading\" data-id=\"4a475d1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Conclusion<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c12b6b1 elementor-widget elementor-widget-text-editor\" data-id=\"c12b6b1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Cybersecurity grows more complex each year. Attackers are refining ransomware and extortion methods, leveraging social engineering, software vulnerabilities, and supply-chain weaknesses. Organizations, in turn, have improved detection capabilities and are compelled to report more incidents, offering a clearer view of current threats. Nonetheless, the high degree of human involvement and the professionalization of cybercrime underscore that vigilance, collaboration, and continual enhancement of defenses remain crucial.<\/p><p>For organizations of all sizes, the primary keys are comprehensive protection of critical assets, thorough patching, effective user awareness programs such as Kymatio, verification of third-party security, and robust crisis management and disaster recovery plans. Ultimately, an organization\u2019s resilience depends on its ability to anticipate risks, detect incidents quickly, and respond effectively to evolving criminal tactics.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>The 2024 Data Breach Investigations Report (DBIR) from Verizon underscores that the involvement of individuals (employees, vendors, or partners) in cybersecurity incidents remains at 68% of all breaches.<\/p>\n","protected":false},"author":1,"featured_media":5387,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5392","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sin-categorizar"],"_links":{"self":[{"href":"https:\/\/appsec.es\/en\/wp-json\/wp\/v2\/posts\/5392","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/appsec.es\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/appsec.es\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/appsec.es\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/appsec.es\/en\/wp-json\/wp\/v2\/comments?post=5392"}],"version-history":[{"count":13,"href":"https:\/\/appsec.es\/en\/wp-json\/wp\/v2\/posts\/5392\/revisions"}],"predecessor-version":[{"id":5406,"href":"https:\/\/appsec.es\/en\/wp-json\/wp\/v2\/posts\/5392\/revisions\/5406"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/appsec.es\/en\/wp-json\/wp\/v2\/media\/5387"}],"wp:attachment":[{"href":"https:\/\/appsec.es\/en\/wp-json\/wp\/v2\/media?parent=5392"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/appsec.es\/en\/wp-json\/wp\/v2\/categories?post=5392"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/appsec.es\/en\/wp-json\/wp\/v2\/tags?post=5392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}